7 files changed, 194 insertions, 39 deletions

diff --git a/Puppetfile_extras b/Puppetfile_extras
index 50a9294..10425cc 100644
--- a/Puppetfile_extras
+++ b/Puppetfile_extras
@@ -36,3 +36,7 @@ mod 'ntp',
 mod 'systemd',
   :git => 'https://github.com/camptocamp/puppet-systemd',
   :ref => 'master'
+
+mod 'ssh',
+  :git => 'https://github.com/saz/puppet-ssh',
+  :ref => 'v3.0.1'
diff --git a/manifests/profile/base/gnocchi/api.pp b/manifests/profile/base/gnocchi/api.pp
index 92431e4..029eb99 100644
--- a/manifests/profile/base/gnocchi/api.pp
+++ b/manifests/profile/base/gnocchi/api.pp
@@ -96,14 +96,16 @@ class tripleo::profile::base::gnocchi::api (
     include ::gnocchi::db::sync
   }
 
-  if $step >= 4 {
+  if $step >= 3 {
     include ::gnocchi::api
     include ::apache::mod::ssl
     class { '::gnocchi::wsgi::apache':
       ssl_cert => $tls_certfile,
       ssl_key  => $tls_keyfile,
     }
+  }
 
+  if $step >= 4 {
     class { '::gnocchi::storage':
       coordination_url => join(['redis://:', hiera('gnocchi_redis_password'), '@', normalize_ip_for_uri(hiera('redis_vip')), ':6379/']),
     }
diff --git a/manifests/profile/base/sshd.pp b/manifests/profile/base/sshd.pp
index e7916c1..2b86032 100644
--- a/manifests/profile/base/sshd.pp
+++ b/manifests/profile/base/sshd.pp
@@ -15,47 +15,45 @@
 #
 # == Class: tripleo::profile::base::sshd
 #
-# SSH profile for tripleo
+# SSH composable service for TripleO
 #
 # === Parameters
 #
 # [*bannertext*]
-#   The text used within SSH Banner
+#   The text used within /etc/issue and /etc/issue.net
 #   Defaults to hiera('BannerText')
 #
+# [*motd*]
+#   The text used within SSH Banner
+#   Defaults to hiera('MOTD')
+#
 class tripleo::profile::base::sshd (
   $bannertext = hiera('BannerText', undef),
+  $motd = hiera('MOTD', undef),
 ) {
 
-  if $bannertext {
-    $action = 'set'
-  } else {
-    $action = 'rm'
-  }
-
-  package {'openssh-server':
-    ensure => installed,
-  }
+  include ::ssh::server
 
-  augeas { 'sshd_config_banner':
-    context => '/files/etc/ssh/sshd_config',
-    changes => [ "${action} Banner /etc/issue"  ],
-    notify  => Service['sshd']
-  }
-
-  file { '/etc/issue':
-    ensure  => file,
-    backup  => false,
-    content => $bannertext,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0600'
+  if $bannertext {
+    $filelist = [ '/etc/issue', '/etc/issue.net', ]
+    file { $filelist:
+      ensure  => file,
+      backup  => false,
+      content => $bannertext,
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0644'
+    }
   }
 
-  service { 'sshd':
-    ensure    => 'running',
-    enable    => true,
-    hasstatus => false,
-    require   => Package['openssh-server'],
+  if $motd {
+    file { '/etc/motd':
+      ensure  => file,
+      backup  => false,
+      content => $motd,
+      owner   => 'root',
+      group   => 'root',
+      mode    => '0644'
+    }
   }
 }
diff --git a/releasenotes/notes/sshd-437c531301f458bb.yaml b/releasenotes/notes/sshd-437c531301f458bb.yaml
index 0086cb0..5997289 100644
--- a/releasenotes/notes/sshd-437c531301f458bb.yaml
+++ b/releasenotes/notes/sshd-437c531301f458bb.yaml
@@ -1,3 +1,5 @@
 ---
 features:
-  - Added manifest and template to enable configuration of sshd_config
+  - Added /etc/issue & /etc/issue.net parameters
+  - Added MOTD banner parameters
+  - Added external module saz-ssh to allow management of sshd_config
diff --git a/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb
new file mode 100644
index 0000000..805a28e
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_gnocchi_api_spec.rb
@@ -0,0 +1,101 @@
+#
+# Copyright (C) 2017 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::gnocchi::api' do
+  shared_examples_for 'tripleo::profile::base::gnocchi::api' do
+    let(:pre_condition) do
+      "class { '::tripleo::profile::base::gnocchi': step => #{params[:step]}, }"
+    end
+
+    context 'with step less than 3' do
+      let(:params) { { :step => 2 } }
+
+      it {
+        is_expected.to contain_class('tripleo::profile::base::gnocchi::api')
+        is_expected.to_not contain_class('gnocchi::api')
+        is_expected.to_not contain_class('gnocchi::wsgi::apache')
+      }
+    end
+
+    context 'with step 3 on bootstrap' do
+      let(:params) { {
+        :step => 3,
+        :bootstrap_node => 'node.example.com',
+      } }
+
+      it {
+        is_expected.to contain_class('gnocchi::db::sync')
+        is_expected.to contain_class('gnocchi::api')
+        is_expected.to contain_class('gnocchi::wsgi::apache')
+      }
+    end
+
+    context 'with step 3' do
+      let(:params) { {
+        :step => 3,
+      } }
+
+      it {
+        is_expected.to_not contain_class('gnocchi::db::sync')
+        is_expected.to contain_class('gnocchi::api')
+        is_expected.to contain_class('gnocchi::wsgi::apache')
+      }
+    end
+
+    # TODO(aschultz): fix profile class to not include hiera look ups in the
+    # step 4 so we can properly test it
+    #context 'with step 4' do
+    #  let(:params) { {
+    #    :step            => 4,
+    #  } }
+    #
+    #  it {
+    #    is_expected.to contain_class('gnocchi::api')
+    #    is_expected.to contain_class('gnocchi::wsgi::apache')
+    #    is_expected.to contain_class('gnocchi::storage')
+    #  }
+    #end
+    #
+    #context 'with step 5 on bootstrap' do
+    #  let(:params) { {
+    #    :step => 5,
+    #    :bootstrap_node => 'node.example.com'
+    #  } }
+    #
+    #  it {
+    #    is_expected.to contain_class('gnocchi::api')
+    #    is_expected.to contain_class('gnocchi::wsgi::apache')
+    #    is_expected.to contain_exec('run gnocchi upgrade with storage').with(
+    #      :command => 'gnocchi-upgrade --config-file=/etc/gnocchi/gnocchi.conf',
+    #      :path    => ['/usr/bin', '/usr/sbin']
+    #    )
+    #  }
+    #end
+  end
+
+
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      let(:facts) do
+        facts.merge({ :hostname => 'node.example.com' })
+      end
+
+      it_behaves_like 'tripleo::profile::base::gnocchi::api'
+    end
+  end
+end
diff --git a/spec/classes/tripleo_profile_base_sshd_spec.rb b/spec/classes/tripleo_profile_base_sshd_spec.rb
index 210b41c..e84a1f5 100644
--- a/spec/classes/tripleo_profile_base_sshd_spec.rb
+++ b/spec/classes/tripleo_profile_base_sshd_spec.rb
@@ -1,4 +1,4 @@
-# Copyright 2016 Red Hat, Inc.
+# Copyright 2017 Red Hat, Inc.
 # All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -13,18 +13,64 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 #
+# Unit tests for tripleo::profile::base::sshd
+#
 
 require 'spec_helper'
 
 describe 'tripleo::profile::base::sshd' do
 
-  context 'with banner configured' do
-    it do
-      is_expected.to contain_file('/etc/issue').with({
-        'owner'  => 'root',
-        'group'  => 'root',
-        'mode'   => '0600',
-        })
+  shared_examples_for 'tripleo::profile::base::sshd' do
+
+    context 'it should do nothing' do
+      it do
+        is_expected.to contain_class('ssh::server')
+        is_expected.to_not contain_file('/etc/issue')
+        is_expected.to_not contain_file('/etc/issue.net')
+        is_expected.to_not contain_file('/etc/motd')
+      end
+    end
+
+    context 'with issue and issue.net configured' do
+      let(:params) {{ :bannertext => 'foo' }}
+      it do
+        is_expected.to contain_file('/etc/issue').with({
+          'content' => 'foo',
+          'owner'   => 'root',
+          'group'   => 'root',
+          'mode'    => '0644',
+          })
+        is_expected.to contain_file('/etc/issue.net').with({
+          'content' => 'foo',
+          'owner'   => 'root',
+          'group'   => 'root',
+          'mode'    => '0644',
+          })
+        is_expected.to_not contain_file('/etc/motd')
+      end
+    end
+
+    context 'with motd configured' do
+      let(:params) {{ :motd => 'foo' }}
+      it do
+        is_expected.to contain_file('/etc/motd').with({
+          'content' => 'foo',
+          'owner'   => 'root',
+          'group'   => 'root',
+          'mode'    => '0644',
+          })
+        is_expected.to_not contain_file('/etc/issue')
+        is_expected.to_not contain_file('/etc/issue.net')
+      end
+    end
+  end
+
+  on_supported_os.each do |os, facts|
+    context "on #{os}" do
+      let (:facts) {
+        facts
+      }
+      it_behaves_like 'tripleo::profile::base::sshd'
     end
   end
 end
diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml
index 592c308..94d2b28 100644
--- a/spec/fixtures/hieradata/default.yaml
+++ b/spec/fixtures/hieradata/default.yaml
@@ -24,6 +24,8 @@ ceph::profile::params::rgw_keystone_admin_password: 'keystone_admin_password'
 # cinder related items
 cinder::rabbit_password: 'password'
 cinder::keystone::authtoken::password: 'password'
+# gnocchi related items
+gnocchi::keystone::authtoken::password: 'password'
 # nova related items
 nova::rabbit_password: 'password'
 nova::keystone::authtoken::password: 'password'